Audit Planning and Risk Assessment Process
In determining which areas to audit, we develop an annual risk-based dynamic audit plan designed to test high and moderated rated areas. A dynamically based audit plan allows us to adjust our schedule as necessary to incorporate emerging issues and significant changes within the agency.Biennially, we update our risk assessments and evaluate each auditable area based on several criteria, including:
- Legal/compliance considerations - Risk of significant regulations and/or legal requirements, and costly penalties/fines for non compliance.
- Control environment - Degree of management experience and monitoring, early warning systems or quality assurance programs established, and/or the results of prior audit/regulatory reviews.
- Size - Financial reporting risk and the unit's annual revenue, annual expense total, asset size, annual operating expense, and/or number of transactions.
- Complexity - Complexity of the unit's processes, degree of specialized skill required, significant dependencies on other units/processes, degree of external/market risk factors, and/or significant systems used by the area.
The problem with TriMet's auditing process is that it is internal. There are no external audits at TriMet, so any audit is basically at the whim of the GM. If he doesn't like the audit he can fire the auditor and start anew. Which defeats the whole purpose of the audit.
ReplyDeleteNote, that at Metro and the City of Portland, the auditor is an entirely separate position that is elected - not hired or appointed. So while they are considered employees of the district (itself questionable), they can't be touched by the Mayor, Executive, Council or Board. If they don't like the audit they can pound sand. However - the auditor has no enforcement capability, like a federal Inspector General, so all they really do is shuffle paper.
Enron Accounting Lives!
ReplyDeletethe auditor has no enforcement capability, like a federal Inspector General, so all they really do is shuffle paper.
ReplyDeleteThey at least bring things to light, and professional journalists say that "sunshine is the best disinfectant"
Also, I thought internal auditing was very common (not at all saying that it's the only thing needed)
ReplyDelete